Submitted URL: https://fal.cn/3v1jh
Effective URL: https://forms.office.com/Pages/ResponsePage.aspx?id=KYNiKsJHJU6oc6hH8pYTcdVf92Nx1ypCujReJNEmPnhUME44Q1hJVDFXWUg4RldFS0dIU...
Submission: On January 17 via manual from AU — Scanned from AU

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 8 HTTP transactions. The main IP is 13.107.6.194, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is forms.office.com. The Cisco Umbrella rank of the primary domain is 5847.
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 02 on July 20th 2022. Valid for: a year.
This is the only time forms.office.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address | AS Autonomous System
1 1 35.157.82.146 | 16509 (AMAZON-02)
1 13.107.6.194 | 8068 (MICROSOFT...)
6 42.99.140.194 | 4637 (ASN-TELST...)
8 3
Apex Domain | Subdomains | Transfer
6 office.net | cdn.forms.office.net — Cisco Umbrella Rank: 8409 | 215 KB
1 office.com | forms.office.com — Cisco Umbrella Rank: 5847 | 17 KB
1 fal.cn | fal.cn — Cisco Umbrella Rank: 239696 | 603 B
8 3
Domain | Requested by
6 cdn.forms.office.net | forms.office.com, cdn.forms.office.net
1 forms.office.com | forms.office.com
1 fal.cn | 1 redirects
8 3

This site contains no links.

Subject | Issuer | Validity | Valid
forms.office.com | Microsoft Azure TLS Issuing CA 02 | 2022-07-20 - 2023-07-15 | a year
cdn.forms.office.net | Microsoft Azure TLS Issuing CA 06 | 2022-09-28 - 2023-09-23 | a year

This page contains 1 frames:

Primary Page: https://forms.office.com/Pages/ResponsePage.aspx?id=KYNiKsJHJU6oc6hH8pYTcdVf92Nx1ypCujReJNEmPnhUME44Q1hJVDFXWUg4RldFS0dIUk0wUFhNVy4u&qrcode=true
Frame ID: 71E43D9275C71A132F1D45733CBA5B24
Requests: 8 HTTP requests in this frame

Page Title

Microsoft Forms

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.aspx?(?:$|\?)

Page Statistics

Requests: 8
HTTPS: 88 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 3
Transfer: 232 kB
Size: 530 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://fal.cn/3v1jh HTTP 301
    https://forms.office.com/Pages/ResponsePage.aspx?id=KYNiKsJHJU6oc6hH8pYTcdVf92Nx1ypCujReJNEmPnhUME44Q1hJVDFXWUg4RldFS0dIUk0wUFhNVy4u&qrcode=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request ResponsePage.aspx
forms.office.com/Pages/
Redirect Chain
  • https://fal.cn/3v1jh
  • https://forms.office.com/Pages/ResponsePage.aspx?id=KYNiKsJHJU6oc6hH8pYTcdVf92Nx1ypCujReJNEmPnhUME44Q1hJVDFXWUg4RldFS0dIUk0wUFhNVy4u&qrcode=true
56 KB
17 KB
Document
General
Full URL
https://forms.office.com/Pages/ResponsePage.aspx?id=KYNiKsJHJU6oc6hH8pYTcdVf92Nx1ypCujReJNEmPnhUME44Q1hJVDFXWUg4RldFS0dIUk0wUFhNVy4u&qrcode=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.6.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cf025efc1c4ea5b63c8d45635b64903d40e61829b919c3cf345c527b71386f7f
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
date
Tue, 17 Jan 2023 01:24:25 GMT
expires
0
link
<https://cdn.forms.office.net/forms>; rel=preconnect; crossorigin=anonymous
pragma
no-cache
strict-transport-security
max-age=2592000; includeSubDomains
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
x-correlationid
1e60b3a7-d2c6-4b6d-abff-5b463fa33bb4
x-msedge-ref
Ref A: EA0FDF6519354184AC7F84859559D293 Ref B: MEL01EDGE1018 Ref C: 2023-01-17T01:24:22Z
x-officecluster
aue-001.forms.office.com
x-officefe
FormsSingleBox_IN_1
x-officeversion
16.0.16111.42056
x-robots-tag
noindex, nofollow
x-routingcorrelationid
1e60b3a7-d2c6-4b6d-abff-5b463fa33bb4
x-routingofficecluster
aue-001.forms.office.com
x-routingofficefe
FormsSingleBox_IN_1
x-routingofficeversion
16.0.16111.42056
x-routingsessionid
ae2bea77-3ffc-4384-ae15-d8fb664cd345
x-usersessionid
ae2bea77-3ffc-4384-ae15-d8fb664cd345

Redirect headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
content-type
text/html;charset=UTF-8
date
Tue, 17 Jan 2023 01:24:21 GMT
expires
0
location
https://forms.office.com/Pages/ResponsePage.aspx?id=KYNiKsJHJU6oc6hH8pYTcdVf92Nx1ypCujReJNEmPnhUME44Q1hJVDFXWUg4RldFS0dIUk0wUFhNVy4u&qrcode=true
pragma
no-cache
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
ls-response.default.031fcb5bc.js
cdn.forms.office.net/forms/scripts/dists/
25 KB
8 KB
Script
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/ls-response.default.031fcb5bc.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=KYNiKsJHJU6oc6hH8pYTcdVf92Nx1ypCujReJNEmPnhUME44Q1hJVDFXWUg4RldFS0dIUk0wUFhNVy4u&qrcode=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
42.99.140.194 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS
ip-42-99-140-194.pacnet.net
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
308c23aef72374a6557537625ee7fef2e8182d20a3e2977988e50b20377f2efc

Request headers

Referer
https://forms.office.com/
Origin
https://forms.office.com
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 17 Jan 2023 01:24:27 GMT
content-encoding
br
content-md5
diF8aIH7h/3mFUQu1sGtfw==
content-length
7707
x-ms-lease-status
unlocked
last-modified
Wed, 04 Jan 2023 06:00:09 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DAEE18EFB71CF6
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
f8d00f47-001e-000d-720b-2046f5000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Wed, 17 Jan 2024 01:24:27 GMT
light-response-page.min.782054a.css
cdn.forms.office.net/forms/css/dist/
144 KB
23 KB
Stylesheet
General
Full URL
https://cdn.forms.office.net/forms/css/dist/light-response-page.min.782054a.css
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=KYNiKsJHJU6oc6hH8pYTcdVf92Nx1ypCujReJNEmPnhUME44Q1hJVDFXWUg4RldFS0dIUk0wUFhNVy4u&qrcode=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
42.99.140.194 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS
ip-42-99-140-194.pacnet.net
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
08ba09dac3da34e2a3798e4b18b991c1528fda8e5db0138e06507f5dadb6e50b

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 17 Jan 2023 01:24:27 GMT
content-encoding
br
content-md5
xlwh8JhNiMsfL+kjBXA0yw==
content-length
23589
x-ms-lease-status
unlocked
last-modified
Thu, 12 Jan 2023 08:01:13 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DAF4732CDA5E52
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
6e5120d6-e01e-000c-6862-264708000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Wed, 17 Jan 2024 01:24:27 GMT
light-response-page.min.20ea671.js
cdn.forms.office.net/forms/scripts/dists/
305 KB
87 KB
Script
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.20ea671.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=KYNiKsJHJU6oc6hH8pYTcdVf92Nx1ypCujReJNEmPnhUME44Q1hJVDFXWUg4RldFS0dIUk0wUFhNVy4u&qrcode=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
42.99.140.194 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS
ip-42-99-140-194.pacnet.net
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
79b795b668f495419b1287325ccbe791983c886ca5cb8a63bbce45763eb67c79

Request headers

Referer
https://forms.office.com/
Origin
https://forms.office.com
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 17 Jan 2023 01:24:27 GMT
content-encoding
br
content-md5
lMkuayAP1qq2No3xu9cAhw==
content-length
88353
x-ms-lease-status
unlocked
last-modified
Fri, 13 Jan 2023 10:33:13 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DAF55192C8B153
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
45aa131a-701e-004d-0a3e-276f1b000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Wed, 17 Jan 2024 01:24:27 GMT
runtimeFormsWithResponses('KYNiKsJHJU6oc6hH8pYTcdVf92Nx1ypCujReJNEmPnhUME44Q1hJVDFXWUg4RldFS0dIUk0wUFhNVy4u')
forms.office.com/formapi/api/2a628329-47c2-4e25-a873-a847f2961371/users/63f75fd5-d771-422a-ba34-5e24d1263e78/light/
0
0

light-response-page.chunk.lrp_ext.c7de252.js
cdn.forms.office.net/forms/scripts/dists/
0
59 KB
Other
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_ext.c7de252.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.20ea671.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
42.99.140.194 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS
ip-42-99-140-194.pacnet.net
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 17 Jan 2023 01:24:28 GMT
content-encoding
br
content-md5
/gxXAAX6aL8auD4qhqgnOg==
content-length
59585
x-ms-lease-status
unlocked
last-modified
Thu, 12 Jan 2023 08:02:01 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DAF473494FEB55
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
bb82dad3-d01e-0026-2862-26324d000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Wed, 17 Jan 2024 01:24:28 GMT
light-response-page.chunk.lrp_cover.138c4bd.js
cdn.forms.office.net/forms/scripts/dists/
0
34 KB
Other
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_cover.138c4bd.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.20ea671.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
42.99.140.194 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS
ip-42-99-140-194.pacnet.net
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 17 Jan 2023 01:24:28 GMT
content-encoding
br
content-md5
BuH+FzkNszGaZxEQnyM/0g==
content-length
34453
x-ms-lease-status
unlocked
last-modified
Thu, 12 Jan 2023 08:02:01 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DAF473494F9D3C
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
16351b29-601e-003f-1e62-261e25000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Wed, 17 Jan 2024 01:24:28 GMT
light-response-page.chunk.lrp_post.boot.96ffbd4.js
cdn.forms.office.net/forms/scripts/dists/
0
4 KB
Other
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_post.boot.96ffbd4.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.20ea671.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
42.99.140.194 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS
ip-42-99-140-194.pacnet.net
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 17 Jan 2023 01:24:28 GMT
content-encoding
br
content-md5
tPPrRRSMYe8BcEofl4aNRw==
content-length
3704
x-ms-lease-status
unlocked
last-modified
Thu, 12 Jan 2023 08:02:01 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DAF47349495CAD
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
663abf99-401e-004e-3f62-266c1c000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Wed, 17 Jan 2024 01:24:28 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
forms.office.com
URL
https://forms.office.com/formapi/api/2a628329-47c2-4e25-a873-a847f2961371/users/63f75fd5-d771-422a-ba34-5e24d1263e78/light/runtimeFormsWithResponses('KYNiKsJHJU6oc6hH8pYTcdVf92Nx1ypCujReJNEmPnhUME44Q1hJVDFXWUg4RldFS0dIUk0wUFhNVy4u')?$expand=questions($expand=choices)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| oncontentvisibilityautostatechange
  • string| formsInitialVisibility
  • object| NavKeyPoints
  • function| reloadNoCdn
  • object| OfficeFormServerInfo
  • object| FormPrefetchCache
  • object| FormsLsMap
  • function| setPublicPath
  • function| replaceChunkSrc
  • object| webpackChunk
  • function| formsModuleResolveErrorCallback
  • object| formClientApi
  • object| formsLsPromiseMap

1 Cookies

Domain/Path Name / Value
forms.office.com/ Name: __RequestVerificationToken
Value: AxdRowi2jidfmZFpkvHuwxGM38GSrcY5RkfYQjO_t-erxX64WlgUGo2kT5SIaGkw3BqW3pvYDvgtVHISiUZu4a2kzUmBpDYNbRNjZGPQ9lg1

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=2592000; includeSubDomains